General

  • Target

    f37659549cb2cfd920edc790fdf8e107bc15798455760bf11f53db6ee91af68d

  • Size

    611KB

  • Sample

    241111-hn58watrcv

  • MD5

    74833203c403021faa9f2e1c0d25e7f3

  • SHA1

    75c719a076b25b7206be27738887bd50005e1396

  • SHA256

    f37659549cb2cfd920edc790fdf8e107bc15798455760bf11f53db6ee91af68d

  • SHA512

    cc3cfde8833a5901261005011bd4749de634dd2cc57117d3087770a4ab00e72d1255e6d2fd276460921087fc0b48e9ae2b360801ae35bc137566a3636295a4be

  • SSDEEP

    12288:Jy90875YJOlG4Sv2ff/kqgS9zIiIdCvMDa94ic:JyZ7RS+nZ98iIdOMDaHc

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks